How to remove “MSIL/Kryptik.WAD”?

The MSIL/Kryptik.WAD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Kryptik.WAD virus can do?

The binary likely contains encrypted or compressed data.
Network activity detected but not expressed in API logs

How to determine MSIL/Kryptik.WAD?


File Info:
crc32: 64F125C9
md5: 5968e48d455d9022ba9603abb1e7ec65
name: ron.exe
sha1: 07589dcd965557b16b85b74ba8a6ee2ae0e32392
sha256: af252182c0fb55296965f32665b5a8c3e4da0863f9b569ca4b88a781adece54b
sha512: 1a1fcee558fb26f24749471124a98a3d504b35c5372b050126a55a7ff89b5513dfe8cc15d3366ee4971c7a6419608e50aff495fe27d0d074b82f943b7e59c2c3
ssdeep: 6144:fem9jNmzrG/QCDhumrBEAlqN+h81PC4Ryu/em6X4DUwiRv9Tkvw:H0fYXDNN9l+281TyCL6XGKk
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: arche noVa 2020 (C)
Assembly Version: 2020.0.8.1
InternalName: BCqNygiNrDfSKx.exe
FileVersion: 2020.0.8.1
CompanyName: arche noVa
LegalTrademarks: arche noVa
Comments: arche noVa is a non-profit- and non-governmental organisation working primarily on the field of humanitarian aid, development cooperation and education.
ProductName: MidtermFirstBuild
ProductVersion: 2020.0.8.1
FileDescription: MidtermFirstBuild
OriginalFilename: BCqNygiNrDfSKx.exe

MSIL/Kryptik.WAD also known as:

MicroWorld-eScan	Gen:Variant.MSILPerseus.224337
CAT-QuickHeal	Backdoor.MSIL
Qihoo-360	Generic/Backdoor.23a
ALYac	Gen:Variant.MSILPerseus.224337
Malwarebytes	Trojan.PCrypt.MSIL.Generic
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.MSIL.Remcos.m!c
Sangfor	Malware
K7AntiVirus	Trojan ( 005673621 )
BitDefender	Gen:Variant.MSILPerseus.224337
K7GW	Trojan ( 005673621 )
Arcabit	Trojan.MSILPerseus.D36C51
TrendMicro	TROJ_GEN.R002C0DER20
F-Prot	W32/MSIL_Kryptik.ASY.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.WAD
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.MSIL.Remcos.gen
Alibaba	Trojan:Win32/Kryptik.ali2000016
Rising	Backdoor.Remcos!8.B89E (CLOUD)
Ad-Aware	Gen:Variant.MSILPerseus.224337
Emsisoft	Gen:Variant.MSILPerseus.224337 (B)
F-Secure	Trojan.TR/AD.Bladabindi.njykg
DrWeb	Trojan.KillProc2.10580
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
Fortinet	MSIL/Agent.9D7E!tr
FireEye	Generic.mg.5968e48d455d9022
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Krypt
Cyren	W32/MSIL_Kryptik.ASY.gen!Eldorado
Jiangmin	Backdoor.MSIL.cytj
Webroot	W32.Trojan.Gen
Avira	TR/AD.Bladabindi.njykg
MAX	malware (ai score=100)
Endgame	malicious (high confidence)
Microsoft	TrojanSpy:MSIL/AgentTesla.SM!MTB
ZoneAlarm	HEUR:Backdoor.MSIL.Remcos.gen
AhnLab-V3	Malware/Win32.RL_Generic.C4106668
McAfee	Trojan-FSJJ!5968E48D455D
VBA32	TScope.Trojan.MSIL
Cylance	Unsafe
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DER20
Tencent	Win32.Trojan.Inject.Auto
SentinelOne	DFI – Malicious PE
GData	Gen:Variant.MSILPerseus.224337
BitDefenderTheta	Gen:NN.ZemsilF.34122.Am0@a8febci
AVG	Win32:PWSX-gen [Trj]
Avast	Win32:PWSX-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (W)
MaxSecure	Trojan.Malware.300983.susgen

How to remove MSIL/Kryptik.WAD?

MSIL/Kryptik.WAD removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X